Security Notification: glibc getaddrinfo() stack-based buffer overflow (CVE-2015-7547)

It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. You can find more information about the issue in this post:

All versions of glibc after 2.9 are vulnerable. Version 2.9 was introduced in May 2008.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.

Please take a moment to check if your image is vulnerable by following the instructions in our wiki:
https://wiki.bitnami.com/security/2016-02-17_glibc_getaddrinfo()_stack-based_buffer_overflow_(CVE-2015-7547)

You can update your version of kernel by running one of the following commands that is specific to your distribution:

• Ubuntu

sudo apt-get update && sudo apt-get install unattended-upgrades && sudo unattended-upgrade  

You will have the fixed version of the glibc library: 2.19-0ubuntu6.7

• Debian 

sudo apt-get update && sudo apt-get install unattended-upgrades && sudo unattended-upgrade 

You will have the fixed version of the glibc library: 2.13-38+deb7u10

• Oracle Linux 

sudo yum update glibc 

You will have the fixed version of the glibc library: 2.12-1.166.el6_7.7

• Amazon Linux 

sudo yum update glibc 

You will have the fixed version of the glibc library: glibc-2.17-106.166.amzn1.x86_64

• RedHat Linux

sudo yum update glibc 

You will have the fixed version of the glibc library: 2.12-1.166.el6_7.7

If you have any questions about this process, please post to our community support forum and we will be happy to help!

Security Notification: Linux kernel vulnerability (CVE-2016-0728)

UPDATE: January 22, 2016

As of this posting, all affected Bitnami virtual machines and cloud images have been patched for Linux kernel vulnerability CVE-2016-0728. This includes all downloadable virtual machines as as well as Bitnami images on Amazon AWS, Bitnami Cloud Hosting, Centurylink, Digital Ocean, Google Cloud Platform, Microsoft Azure, Oracle Cloud Platform, and VMware vCloud Air public clouds.

For instructions on how to patch currently running systems, please see below.

------------------------------------

A new security vulnerability in the linux kernel has been discovered. You can find out more information about it in this link.

Any Bitnami-packaged image that was launched before January 20th, 2016 could be vulnerable if it has the version 3.8 of the kernel or later.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.

Please take a moment to check if your image is vulnerable by following the instructions in our wiki:

https://wiki.bitnami.com/security/2016-01-20_LINUX_KERNEL_VULNERABILITY_(CVE-2016-0728)


You can update the version of the kernel running the following commands (you must run the command specific to your distribution):

• Ubuntu 

sudo apt-get update && sudo apt-get dist-upgrade

You'll have the fixed version of the kernel after rebooting your server: 3.13.0-76-generic

• Debian 

sudo apt-get update && sudo apt-get dist-upgrade

You'll have the fixed version of the kernel after rebooting your server: 3.16.7-ckt20-1

• Oracle Linux 

sudo yum update
sudo yum upgrade

You'll have the fixed version of the kernel after rebooting your server: 3.8.13-118.2.5.el6uek.x86_64

• Amazon Linux 

sudo yum clean all
sudo yum update kernel

You'll have the fixed version of the kernel after rebooting your server: 4.1.13-19.31.amzn1.x86_64

• RedHat Linux. The version Red Hat 6.6 is not affected by this issue.

If you have any questions about this process, please post to our community support forum and we will be happy to help!

New HVM Amazon instances now available in Bitnami Cloud Hosting and more!

A few weeks ago we announced that Amazon released a new type of cloud servers, the T2 instance family. T2 servers use Hardware-assisted Virtualization (HVM) and provide great price/performance value for common scenarios. We updated our cloud images right away, allowing you to launch T2-powered Bitnami apps directly from the AWS console.

Today we are happy to announce that we have added HVM virtualization to Bitnami Cloud Hosting, and now you can launch servers based on the T2 and R3 instance types.

We have also added support in Bitnami Cloud Hosting to the latest versions of Ubuntu (14.04 LTS) and Amazon Linux (2013.03.2), so you can get the most out of the new instance types.

Steps to create an HVM instance in Bitnami Cloud Hosting:  

When you create a new server, you can now choose the virtualization type (HVM or Paravirtual) in the operating system selector.

Once you have selected an HVM based operating system, you will see the new instance types T2 and R3.

It's that easy!

New Bitnami Ubuntu 14.04 images on Azure

We are happy to announce updated Bitnami application images for the Azure cloud. These new images are based on Ubuntu 14.04, the latest long-term support release of the popular operating system.

Ubuntu 14.04 provides improved performance, usability and security for a large number of scenarios. This includes cloud deployments, where Ubuntu is already the preferred operating system for many users. You can learn more about Ubuntu 14.04 new features in the release notes announcement.

Over time, we will be making Ubuntu 14.04 the default operating system for our virtual machines and other cloud offerings. Currently the best way to enjoy this new version is to head over to the VMDepot website or use our own Azure Launchpad to launch your favorite apps on Microsoft Azure with one click. 

Enjoy!

BitNami Cloud Hosting support for RHEL 6.3, Amazon Linux

.

BitNami Cloud Hosting simplifies the deployment of popular web applications and development runtimes on the Amazon Cloud. It provides the same ease of use and convenience that you have come to expect from BitNami stacks but also adds automatic backups, monitoring, one-click resizing and many more features. We have a diverse user base, ranging from students to governments to web developers and enterprise business users. Different users favor different underlying operating systems for deployment, either because of personal preferences/expertise or because it is a company standard. We offer you a choice of Ubuntu, Red Hat Enterprise Linux, Fedora and Amazon Linux.

Today we released updated versions of RHEL and Amazon Linux in our platform: RHEL 6.3 and Amazon Linux 2012.09.0   To take advantage of them just log in to your console and click "New server" You will be running an instance with your favorite OS and apps in just a few minutes. Enjoy!

BitNami Supports Ubuntu 12.04

Last week, Ubuntu 12.04 was released, and we are happy to report that  our BitNami virtual machine images and cloud templates (AMIs) have been updated to include this latest and greatest release of Ubuntu! Because 12.04 is an LTS, or "Long Term Support" release, this version of Ubuntu will be supported for 5 years, so you can feel confident deploying systems of all types on it.

The BitNami VMs and AMIs make it incredibly easy to check out Ubuntu 12.04 - just fire up a VM in a virtual environment or spin up a cloud instance and you will be good to go. Enjoy!